Indeed's vulnerability disclosure policy
Vulnerability disclosure philosophy
Indeed believes effective disclosure of security vulnerabilities requires mutual trust, respect, transparency and common good between Indeed and Security Researchers. Together, our vigilant expertise promotes the continued security and privacy of Indeed customers, products, and services.
Indeed accepts vulnerability reports from all sources such as independent security researchers, industry partners, vendors, customers and consultants. Indeed defines a security vulnerability as an unintended weakness or exposure that could be used to compromise the integrity, availability or confidentiality of our products and services.
This policy applies to any digital assets owned, operated, or maintained by Indeed, including public facing websites.
Our commitment to researchers
What we ask of researchers
Indeed recommends that security researchers share the details of any suspected vulnerabilities across any asset owned, controlled, or operated by Indeed (or that would reasonably impact the security of Indeed and our users) using the web form below. The Indeed Security team will acknowledge receipt of each vulnerability report, conduct a thorough investigation, and then take appropriate action for resolution.
VDP vs Bug Bounty
Security researchers who are interested in monetary rewards for reporting vulnerabilities should join Indeed’s Bug Bounty Program and submit through that program.
The following web form is submitted to our Vulnerability Disclosure Program (VDP) which is available for security researchers, industry partners, vendors, customers and consultants who would like to make a ‘good neighbor’ vulnerability disclosure. By reporting vulnerabilities through the following web form, you understand that this program is not rewardable.